How severe is CVE-2024-28011?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-28011?

This is classified as CWE-912, which is a common weakness in software security.

CVE-2024-28011

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-912

View all →

Vulnerability Description

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet

CVE-2020-12504

CRITICAL

CVSS:9.8(Critical)

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT...

CWE-9122020

CVE-2020-14487

CRITICAL

CVSS:9.8(Critical)

OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitr...

CWE-9122020

CVE-2020-16204

CRITICAL

CVSS:9.8(Critical)

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versi...

CWE-9122020

CVE-2021-24867

CRITICAL

CVSS:9.8(Critical)

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are af...

CWE-9122021

CVE-2021-43987

CRITICAL

CVSS:9.8(Critical)

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regu...

CWE-9122021

CVE-2022-3203

CRITICAL

CVSS:9.8(Critical)

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get ...

CWE-9122022

CVE-2024-28011

Vulnerability Description

Related Vulnerabilities

CVE-2020-12504

CVE-2020-14487

CVE-2020-16204

CVE-2021-24867

CVE-2021-43987

CVE-2022-3203